Authenticating the identity claim of a user is an important step in ensuring the security of systems, networks, services and facilities, both for physical and for logical access. Existing user authentication is often performed on the basis of a user's knowledge of a single verification object, e.g., a password or a personal identification number (PIN). Existing user authentication may also be performed on the basis of possession of a single verification object, e.g., a key or a card. Other existing authentication techniques include the use of a single biometric feature as the verification object, e.g., a fingerprint, a voiceprint, an iris scan or a face scan.
Verification is typically done by comparing the verification object obtained from the user at the time of attempted access to previously stored objects. Thus, in the case of a fingerprint, if the fingerprint obtained from the user at the time of attempted access matches a prestored fingerprint (presumably taken from the user at some earlier time), then access is granted. If no match is found, then access is denied.
However, these existing authentication techniques have many drawbacks. For example, keys or passwords may be stolen or biometric features may be compromised, e.g., using false fingerprints.
More recent techniques attempt to use more than one biometric recognition technique, such as face and voice print recognition. However, such techniques typically acquire and analyze each biometric feature sequentially and independently and merely combine the final outputs in a predetermined static manner, and thus do not utilize any interaction between biometrics.
Further, existing authentication techniques fail to provide enough flexibility to address various user-specific, transaction-specific or application-specific constraints or requirements. For example, a user-specific constraint may be that a user with a cut on his finger may not be able to use a fingerprint recognition system. A transaction-specific constraint may be that a million dollar transaction should require a higher degree of authentication as opposed to a ten dollar transaction. An application-specific constraint may be that security questions based on a banking application may not be suitable for a travel application. Existing authentication approaches are just not flexible enough to handle these types of constraints or requirements.
Accordingly, given the growing interest in security and authentication and the deficiencies of existing authentication systems, there is a clear need for an improved authentication framework that provides a high degree of flexibility, accuracy, convenience and/or robustness.